PKI Certificate Verification MP – Update 220.127.116.11
Posted by rburri on August, 12 2014
The 1st update to the rewritten certificate management pack is ready. The update to 18.104.22.168 is mostly about more powerful filtering options for the certificate discoveries. It is now possible to use regular expressions to:
- Include / Exclude based on “Subject”
- Include / Exclude based on “Issuer”
- Exclude based on “Enhanced Key Usage” OIDs
Note that the filters will have to be based on the exact string output of the certificate objects as presented in PowerShell. Hence check those before attempting to write RegEx filters using:
ls cert:\LocalMachine\My | fl Subject, Issuer
All characters (including blanks) are being taken into account. The discovery filters are using .NET RegEx expression syntax. Please test your expressions using a suitabe tool before using them for your overrides (I am often using Regex Hero but there are plenty of other options out there).
Once store discovery is enabled, the default filter settings of the MP will discover any certificates with the exception of self-signed and MS NAP ones. Refer to the MP guide and the release notes if you plan to make use of the advanced filter options. And remember to override the store discovery, not the certificate one.
Find the Management Pack at its home on System Center Central: